private0kunden-vrgomailonline.ru Open in urlscan Pro
2a00:f940:2:2:1:4:0:101  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login.html Show response private0kunden-vrgomailonline.ru/PPR/app/	10 KB 3 KB	255ms 67ms	Document text/html	2a00:f940:2:2:1:4:0:101 AS-REG
General Check archive.org Show headers Download Go to Full URL https://private0kunden-vrgomailonline.ru/PPR/app/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:4:0:101 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash cb2cbb2e8c3867d23d72f90b255085ccacc5a7b19bfac5939862c5c73f80bc79 Request headers :method GET :authority private0kunden-vrgomailonline.ru :scheme https :path /PPR/app/login.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers server nginx date Fri, 27 Aug 2021 07:20:34 GMT content-type text/html; charset=utf-8 last-modified Tue, 24 Aug 2021 01:29:25 GMT content-encoding gzip
GET H2	200	ruxitagentjs_ICA2SVfhjqrux_10217210531114014.js Show response www.volksbank-eg.de/banking-private/	218 KB 83 KB	176ms 25ms	Script text/javascript	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Full URL https://www.volksbank-eg.de/banking-private/ruxitagentjs_ICA2SVfhjqrux_10217210531114014.js Requested by Host: private0kunden-vrgomailonline.ru URL: https://private0kunden-vrgomailonline.ru/PPR/app/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash e486c3a8aa8c2d77003fe7ba823730e293ecb220b2681c2e4981cabcbd11eb08 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://private0kunden-vrgomailonline.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 27 Aug 2021 06:37:02 GMT content-encoding gzip last-modified Wed, 03 Mar 2010 07:01:40 GMT age 2612 vary Accept-Encoding content-type text/javascript;charset=utf-8 cache-control public, max-age=31536000, immutable strict-transport-security max-age=31536000 content-length 84908 expires Sat, 27 Aug 2022 06:37:02 GMT
GET H2	200	xbf-styles.css www.volksbank-eg.de/banking-private/resource/	144 KB 29 KB	208ms 57ms	Stylesheet text/css	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Full URL https://www.volksbank-eg.de/banking-private/resource/xbf-styles.css?rzbk=4501&rzid=XC&style=bvr2014 Requested by Host: private0kunden-vrgomailonline.ru URL: https://private0kunden-vrgomailonline.ru/PPR/app/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash d2496faa50133b73f264401638c1ff3e4833f52c60ecf570c1eccdccd238d50e Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://private0kunden-vrgomailonline.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 27 Aug 2021 06:59:14 GMT content-encoding gzip x-content-type-options nosniff age 1280 vary Accept-Encoding content-type text/css x-oneagent-js-injection true cache-control max-age=10800 strict-transport-security max-age=31536000 accept-charset UTF-8 content-length 29263 x-xss-protection 1; mode=block expires Fri, 27 Aug 2021 09:59:15 GMT
GET H2	200	navigationResponsive.css private0kunden-vrgomailonline.ru/PPR/app/	57 KB 11 KB	74ms 73ms	Stylesheet text/css	2a00:f940:2:2:1:4:0:101 AS-REG
General Check archive.org Show headers Download Go to Full URL https://private0kunden-vrgomailonline.ru/PPR/app/navigationResponsive.css?rzbk=4501&rzid=XC&style=bvr2014 Requested by Host: private0kunden-vrgomailonline.ru URL: https://private0kunden-vrgomailonline.ru/PPR/app/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:4:0:101 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 82e39b8ccec454316ddef677c72f6bb0aa36f6d6d3387a59a6953d0353b1543b Request headers :path /PPR/app/navigationResponsive.css?rzbk=4501&rzid=XC&style=bvr2014 pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority private0kunden-vrgomailonline.ru referer https://private0kunden-vrgomailonline.ru/PPR/app/login.html :scheme https sec-fetch-site same-origin :method GET Referer https://private0kunden-vrgomailonline.ru/PPR/app/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 27 Aug 2021 07:20:34 GMT content-encoding gzip last-modified Sat, 14 Aug 2021 13:25:12 GMT server nginx content-type text/css
GET H2	200	indiv.css private0kunden-vrgomailonline.ru/PPR/app/	219 B 251 B	74ms 73ms	Stylesheet text/css	2a00:f940:2:2:1:4:0:101 AS-REG
General Check archive.org Show headers Download Go to Full URL https://private0kunden-vrgomailonline.ru/PPR/app/indiv.css?rzbk=4501&rzid=XC&style=bvr2014 Requested by Host: private0kunden-vrgomailonline.ru URL: https://private0kunden-vrgomailonline.ru/PPR/app/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:4:0:101 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 66af37cd22a7938b564eaf7cfeb23e1cbced0a185dbea4228e5eb71bba01b5b9 Request headers :path /PPR/app/indiv.css?rzbk=4501&rzid=XC&style=bvr2014 pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority private0kunden-vrgomailonline.ru referer https://private0kunden-vrgomailonline.ru/PPR/app/login.html :scheme https sec-fetch-site same-origin :method GET Referer https://private0kunden-vrgomailonline.ru/PPR/app/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 27 Aug 2021 07:20:34 GMT content-encoding gzip last-modified Sat, 14 Aug 2021 13:25:02 GMT server nginx content-type text/css
GET H2	200	teleco.js Show response private0kunden-vrgomailonline.ru/PPR/app/js/	3 KB 691 B	51ms 51ms	Script application/javascript	2a00:f940:2:2:1:4:0:101 AS-REG
General Check archive.org Show headers Download Go to Full URL https://private0kunden-vrgomailonline.ru/PPR/app/js/teleco.js Requested by Host: private0kunden-vrgomailonline.ru URL: https://private0kunden-vrgomailonline.ru/PPR/app/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:4:0:101 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 581e2212950ffda93508ed6f2c2fbd662624c5378eb521a6d96bcd77cf5ea02a Request headers :path /PPR/app/js/teleco.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority private0kunden-vrgomailonline.ru referer https://private0kunden-vrgomailonline.ru/PPR/app/login.html :scheme https sec-fetch-site same-origin :method GET Referer https://private0kunden-vrgomailonline.ru/PPR/app/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 27 Aug 2021 07:20:34 GMT content-encoding gzip last-modified Sun, 15 Aug 2021 12:48:22 GMT server nginx content-type application/javascript
GET H2	200	ebpe-logo private0kunden-vrgomailonline.ru/PPR/app/	9 KB 9 KB	65ms 65ms	Image image/jpeg	2a00:f940:2:2:1:4:0:101 AS-REG
General Check archive.org Show headers Download Go to Show image Full URL https://private0kunden-vrgomailonline.ru/PPR/app/ebpe-logo Requested by Host: private0kunden-vrgomailonline.ru URL: https://private0kunden-vrgomailonline.ru/PPR/app/login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:4:0:101 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 3effffdf461cc81281c4726265e1bb7259f08330c388ca5579d48c241cac0064 Request headers :path /PPR/app/ebpe-logo pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority private0kunden-vrgomailonline.ru referer https://private0kunden-vrgomailonline.ru/PPR/app/login.html :scheme https sec-fetch-site same-origin :method GET Referer https://private0kunden-vrgomailonline.ru/PPR/app/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 27 Aug 2021 07:20:34 GMT last-modified Tue, 24 Aug 2021 00:55:02 GMT server nginx accept-ranges bytes content-length 8720
GET H2	200	xhtml-filler www.volksbank-eg.de/banking-private/resource/	43 B 168 B	23ms 22ms	Image image/gif	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/banking-private/resource/xhtml-filler?rzbk=4501&rzid=XC&style=bvr2014 Requested by Host: private0kunden-vrgomailonline.ru URL: https://private0kunden-vrgomailonline.ru/PPR/app/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash 33dcafb8470734f44deceefaeb93ca1f4a82f79f8b9a15c7b7176a10b7bde15b Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://private0kunden-vrgomailonline.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 27 Aug 2021 07:03:41 GMT x-content-type-options nosniff age 1013 strict-transport-security max-age=31536000 content-type image/gif x-oneagent-js-injection true cache-control max-age=10800 server-timing dtRpid;desc="-1148314398" accept-charset UTF-8 content-length 43 x-xss-protection 1; mode=block expires Fri, 27 Aug 2021 10:03:41 GMT
GET H2	200	ebpe-infolink www.volksbank-eg.de/banking-private/resource/	238 B 356 B	22ms 22ms	Image image/svg+xml	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/banking-private/resource/ebpe-infolink?rzbk=4501&rzid=XC&style=bvr2014 Requested by Host: private0kunden-vrgomailonline.ru URL: https://private0kunden-vrgomailonline.ru/PPR/app/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash ece0245da35fdd267a149939344cd40f8ef0ad634dfd4244b1beb10f512a1189 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://private0kunden-vrgomailonline.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 27 Aug 2021 06:57:28 GMT content-encoding gzip x-content-type-options nosniff age 1386 vary Accept-Encoding content-type image/svg+xml x-oneagent-js-injection true cache-control max-age=10800 server-timing dtRpid;desc="-1533096863" strict-transport-security max-age=31536000 accept-charset UTF-8 content-length 210 x-xss-protection 1; mode=block expires Fri, 27 Aug 2021 09:57:28 GMT
GET H2	200	ips www.volksbank-eg.de/banking-private/	27 KB 27 KB	23ms 23ms	Image image/jpeg	194.149.254.20 FIDUCIA
General Check archive.org Show headers Download Go to Show image Full URL https://www.volksbank-eg.de/banking-private/ips?url=~687474703a2f2f7863343530312e70762d6e2e77656263656e7465722e727a2e62616e6b656e69742e64653a38302f636f6e74656e742f66343530312d312f65627065323031342f77657262756e672f6e69636874616e67656d656c6465742f6170706c657061792d6d312d63726f73736e6176692f5f6a63725f636f6e74656e742f61646e617669676174696f6e2f696d6167652e696d672e706e672f313630323037323938393833392e706e67&domainId=WERBUNG&s=302c02146de3a704aa4c93d48aa4836c80e74f87a74c433902141612cb1ce305b68c5bd7d69aa0e06e007ada4289 Requested by Host: private0kunden-vrgomailonline.ru URL: https://private0kunden-vrgomailonline.ru/PPR/app/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 194.149.254.20 , Germany, ASN15590 (FIDUCIA, DE), Reverse DNS Software / Resource Hash 656e84f6b5128c78bc661689fa122f47491026d658a0970cda28df30e47ddf53 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://private0kunden-vrgomailonline.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Fri, 27 Aug 2021 06:49:29 GMT x-content-type-options nosniff last-modified Wed, 07 Oct 2020 12:16:28 GMT age 1865 etag "1602072989:dtagent10219210719121502aTRy" strict-transport-security max-age=31536000 content-type image/jpeg x-oneagent-js-injection true cache-control max-age=10800 server-timing dtRpid;desc="599813780" content-length 27706 x-xss-protection 1; mode=block expires Fri, 27 Aug 2021 10:09:37 GMT
GET DATA	200 OK	truncated /	329 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a07e35a0a48199eb5cde940517b95ba921bb4a58e173dfea2468c5e4b5578897 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Content-Type image/svg+xml;charset=US-ASCII

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volksbank (Banking)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| dT_ object| dtrum function| valZip function| valKonto function| valKontoerr function| valTan function| valTanerr

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

private0kunden-vrgomailonline.ru
www.volksbank-eg.de
194.149.254.20
2a00:f940:2:2:1:4:0:101
33dcafb8470734f44deceefaeb93ca1f4a82f79f8b9a15c7b7176a10b7bde15b
3effffdf461cc81281c4726265e1bb7259f08330c388ca5579d48c241cac0064
581e2212950ffda93508ed6f2c2fbd662624c5378eb521a6d96bcd77cf5ea02a
656e84f6b5128c78bc661689fa122f47491026d658a0970cda28df30e47ddf53
66af37cd22a7938b564eaf7cfeb23e1cbced0a185dbea4228e5eb71bba01b5b9
82e39b8ccec454316ddef677c72f6bb0aa36f6d6d3387a59a6953d0353b1543b
a07e35a0a48199eb5cde940517b95ba921bb4a58e173dfea2468c5e4b5578897
cb2cbb2e8c3867d23d72f90b255085ccacc5a7b19bfac5939862c5c73f80bc79
d2496faa50133b73f264401638c1ff3e4833f52c60ecf570c1eccdccd238d50e
e486c3a8aa8c2d77003fe7ba823730e293ecb220b2681c2e4981cabcbd11eb08
ece0245da35fdd267a149939344cd40f8ef0ad634dfd4244b1beb10f512a1189